I´m testing NAC authentication with kerberos from X440-G2-switches.
Hands on this article https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configured-Identity-Management-for-...
, everything works fine, but I have a few questions/issues:
1. If I log on to a windows client against the AD, I see the session in the cli of the switch with show identity-management entries, but it will disappear after few minutes, even the PC is active and logged in. Is this okay?
2. After logging in to the PC, I can see the username in NAC. But when I log out from the PC, I still see the username and the end system is accepted based on this.
3. If I logout from the client and login with another user, I see the active user in the cli of the switch, but I have to reauthenticate the End System in NAC to see the other user that is currently logged in.
I think, the switch should sent something like a notification to the NAC, if users log out or there is an user change. Is this possible?
If there is a similiar post in the hub, please show me the link. I´ve searched the forum, but didn´t found any suitable topic.
Thanks in advance for your replies!
Kind Regards, Ralf